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(54) Method of effecting mutual authentication 

(57) A random number generated from a host 
device upon a first mutual authentication or a random 
number obtained by processing the generated random 
number is stored in a random number storage area of 

IC CARD 



an IC apparatus and used upon a second mutual 
authentication. 
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1 EPO 

Description 

BACKGROUND OF THE INVENTION 

Field of the Invention: 

This invention relates to an IC card system that 
needs high security, and particularly to a method of 
mutually authenticating both an IC card and a host 
device suitable for use in the IC card. 

Description of the Related Art: 

This type of mutual authenticating method has 
heretofore comprised a first certification or authentica- 
tion for confirming the validity of a host or high level 
device on the IC card side and a second certification or 
authentication for confirming the validity of an IC card 
on the host device side. 

The first authentication will first be described. 

The IC card generates a random number R1 using 
a random number generating means incorporated 
therein and effects an encoding (e.g., enciphering by 
way of example) process on the generated random 
number R1 to create data X. Further, the host device 
receives the random number Rl from the IC card and 
effects the encoding process on the random number R1 
to create data X'. The IC card receives the data X' from 
the host device and makes a comparison between the 
data X and X' so as to authenticate the validity of the 
host device. 

The second authentication will next be described. 

The host device generates a random number R2 
using a random number generating means provided 
therein and effects an encoding process on the gener- 
ated random number R2 to create data Y\ Further, the 
IC card receives the random number R2 from the host 
device and effects an encoding process on the random 
number R2 to create data Y The host device receives 
the data Y from the IC card and performs a comparison 
between the data Y and Y' so as to certicate the validity 
of the IC card. 

At this time, the generation of the random number 
for each mutual authentication and the creation of the 
different X and Y values for each mutual authentication 
are intended to prevent a malicious third party who has 
monitored the exchange of telegraphic messages used 
during the previous mutual authentication, from obtain- 
ing the mutual authentication through the exchange of 
the previously-used same messages with one another. 
In an IC card system that needs higher security, a proc- 
ess for creating the X and Y values using different enci- 
pherment keys is commonly performed in accordance 
with the first and second authentications. 

SUMMARY OF THE INVENTION 

An object of the present invention is to provide a 
method of effecting mutual authentication, which is suit- 
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able for eliminating the need of random number gener- 
ating means such as a hard random number generator, 
a means for generating a random number by software 
using a microprocessor, etc. from an IC apparatus, 
s According to one aspect of the present invention, 

for achieving the above object, there is provided a 
method of effecting mutual authentication, comprising 
the following processes: 

to a first mutual authentication and a second mutual 
authentication subsequent to the first mutual 
authentication each of which comprising a first 
authenticating process and a second authenticating 
process, the first autheticating process for allowing 

75 an IC apparatus to compare data obtained by 
encoding a random number stored in a random 
number storage area of the IC apparatus with the 
IC apparatus and data obtained by encoding the 
random number stored in the random number stor- 

20 age area with a host device, the second authenti- 
cating process for allowing the host device to 
compare data obtained by encoding a random 
number generated from the host device with the IC 
apparatus and data obtained by encoding the ran- 

25 dom number generated from the host device with 
the host device, the second authenticating process 
of the first mutual authentication for storing the ran- 
dom number generated from the host device in the 
random number storage area, the first authenticat- 

30 ing process of the second mutual authentication for 

using the random number generated from the host 
device upon the second authenticating process of 
the first mutual authentication. 

35 Further, the present application discloses other var- 
ious inventions made to achieve the above object. 
These inventions will be understood from the appended 
claims, the following embodiments and the accompany- 
ing drawings. 

40 

BRIEF DESCRIPTION OF THE DRAWINGS 

While the specification concludes with claims par- 
ticularly pointing out and distinctly claiming the subject 

45 matter which is regarded as the invention, it is believed 
that the invention, the objects, features of the invention 
and further objects, features and advantages thereof 
will be better understood from the following description 
taken in connection with the accompanying drawings in 

50 which: 

Fig. 1 is a view showing a mutual authentication 
processing procedure of a first embodiment of the 
present invention; 
55 Fig. 2 is a view illustrating a mutual authentication 
processing procedure of a second embodiment of 
the present invention; and 

Fig. 3 is a view depicting a mutual authentication 
processing procedure of a third embodiment of the 
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present invention. 

DETAILED DESCRIPTION OF THE PREFERRED 
EMBODIMENTS 

Fig. 1 shows a mutual authentication processing 
procedure of a first embodiment of the present inven- 
tion. The first embodiment will be described with refer- 
ence to Fig. 1. 

An IC card(corresponding to IC apparatus)com- 
prises at least a random number storage area 1 com- 
posed of an electrically rewritable storing means such 
as an Electrically Erasable Programmable Read Only 
memory(hereinafter called an EEPROM) or the like, first 
and second authentication keys 2 and 3, an encipher- 
ment processing means 4 for performing an enciphering 
process, a comparing means 5 for making a compari- 
son between data, and a first flag 6 for judging whether 
the validity of a host or high level device has been nor- 
mally authenticated. 

On the other hand, the host device includes a first 
authentication key 2' identical to the first authentication 
key 2, a second authentication key 3* identical to the 
second authentication key 3," an encipherment process- 
ing means 4', a comparing means 5' and a random 
number generating means 7. 

The operation of the first embodiment will now be 
described. 

Firstly, the host device requires the IC card to out- 
put the data stored in the random number storage area 
1 . In doing so, the IC card outputs a random number R1 
corresponding to the data stored in the random number 
storage area 1 to the host device (Step 1). 

Using the encipherment processing means 4", the 
host device enciphers the random number R1 with the 
first authentication key 2' to create enciphered data X' 
and outputs the created enciphered data X* to the IC 
card (Step 2). 

Using the encipherment processing means 4, the 
IC card enciphers the random number Rl with the first 
authentication key 2 to create enciphered data X. Next, 
the IC card compares the enciphered data X and the 
enciphered data X' output from the host device through 
the use of the comparing means 5. If they match with 
each other, then the IC card sets M 1" to the first flag 6 
(Step 3). 

Next, the host device generates a random number 
R2 using the random number generating means 7 and 
outputs it to the IC card (Step 4). 

Using the encipherment processing means 4, the 
IC card enciphers the random number R2 with the sec- 
ond authentication key 3 to create enciphered data Y 
and outputs the created enciphered data Y to the host 
device. Further, the IC card allows the random number 
storage area 1 to store the random number R2 therein 
as a substitute for the random number Rl (Step 5). 

Using the encipherment processing means 4', the 
host device enciphers the random number R2 with the 
second authentication key 3' to create enciphered data 



Y\ Next, the host device compares the enciphered data 
Y and the enciphered data Y' using the comparing 
means 5'. If they coincide with each other, then the host 
device judges that the mutual authentication has been 

5 completed and proceeds to the next process using an 
IC card for transactions or the like (Step 6). 

Incidentally, the first flag 6 is cleared to "0" upon 
suppliment of the power to the IC card or on its reset. In 
the case of a process necessary to make a decision as 

to ■ to the validity of the host device subsequent to Step 6, 
the IC card judges whether the first flag 6 is T' and the 
process should be done. 

According to the first embodiment as described 
above, since the IC card allows the random number 

?£ storage area to store the random number R2 generated 
from the host device as the substitute for the random 
number Rl upon the present mutual authentication, the 
IC card outputs the random number R2 corresponding 
to the data stored in the random number storage area to 

20 the host device upon the next mutual authentication 
when the host device requires the IC card to output the 
data stored in the random number storage area. Thus, 
upon the next mutual authentication, the random 
number R2 is used as a random number utilized for 

25 judging the validity of the host device as in the case of 
the random number Rl used upon the present mutual 
authentication. 

Thus, in the first embodiment, the IC card is not 
required to have the random number generating means 

30 therein and hence a chip for the IC card can be simpli- 
fied in structure. Accordingly, even an IC card with no 
microprocessor, which is composed of only both simple 
logic capable of providing enciphering/encoding and a 
• comparison decision and an EEPROM, enables the 

35 mutual authentication, whereby a cost-reduced and 
high-security IC card system can be achieved. 

Fig. 2 shows a mutual authentication processing 
procedure of a second embodiment of the present 
invention. The same elements of structure as those 

40 shown in Fig. 1 are identified by the same reference 
numerals and their description will therefore be omitted. 

In the second embodiment, a random number 
processing data area 8 and an XOR circuit 9 are further 
added to the IC card shown in Fig. 1. 

45 The second embodiment is identical in operation to 
the first embodiment at Steps 1 through 4 but different in 
operation from the first embodiment at Step 5. 

In the first embodiment, at Step 5, the random 
number R2 input from the host device has been stored 

so in the random number storage area as it is. In the sec- 
ond embodiment on the other hand, the random number 
processing data area 8 and the XOR circuit 9 are pro- 
vided. The XOR circuit 9 executes exclusive-OR func- 
tion as to the random number R2 input from the host 

55 device and the data stored in the random number 
processing data area 8. The resultant random number 
is stored in a random number storage area as a substi- 
tute for a random number R1 . 

Thus, when the host device requires the IC card to 
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output the data stored in the random number storage 
area upon the next mutual authentication, the IC card 
outputs a random number (corresponding to the ran- 
dom number obtained by executing exclusive-OR func- 
tion as to the random number R2 and the data stored in 5 
the random number processing data area 8) to the host 
device. Thus, upon the next mutual authentication, the 
random number obtained by executing the exclusive- 
OR {unction referred to above is used as a random 
number utilized for judging the validity of the host device w 
as in the case of the random number R1 used upon the 
present mutual authentication. 

According to the second embodiment as described 
above, since it is difficult to externally understand that 
the random number R2 for the present mutual authenti- 75 
cation is being used to make a decision as to the validity 
of the host device at the time of the next mutual authen- 
tication, security higher than that obtained in the first 
embodiment can be achieved. 

In the second embodiment, even if first and second 20 
authentication keys are integrated into one. enciphered 
data input from the IC card to a comparing means of the 
host device upon a certain mutual authentication is dif- 
ferent in value from enciphered data input from the host 
device to a comparing means of the IC card upon the 25 
next mutual authentication. Thus, in the second embod- 
iment, the IC card can be simplified in structure without 
decreasing security against those respectively provided 
with the first and second authentication keys even if the 
authentication keys are integrated into one. 30 

In the second embodiment, the XOR circuit 9 is pro- 
vided but an AND circuit, an OR circuit or a bit inverter 
or the like may be provided in place of the XOR circuit 9. 
Further, the data stored in the random number process- 
ing data area 8 may be stored in a mask ROM or the 35 
like. Alternatively, the data may be provided within an 
EEPROM so as to change at regular intervals. Further- 
more, the balance data or the like stored in the EEP- 
ROM may be utilized as it is without specially providing 
the random number processing data area 8. Since the 40 
balance data is changed in this case each time the IC 
card is used, an improvement in security can be yielded 
without the need for changing the data at regular inter- 
vals. Further, even if the random number R2 is stored in 
the random number storage area 1 as it is and the ran- 45 
dom number R2 and the data stored in the random 
number processing data area 8 are executed exclusive- 
OR function at the time of the next mutual authentica- 
tion and the resultant random number is output to the 
host device at Step 1 , the same effect as described so 
above can be obtained. 

Fig. 3 shows a mutual authentication processing 
procedure of a third embodiment. The third embodiment 
will be described below with reference to Fig. 3. 

An IC card comprises at least a random number 55 
storage area 1 composed of an electrically rewritable 
storing means such as an EEPROM or the like, first and 
second authentication keys 2 and 3, an encipherment 
processing means 4 for performing an enciphering 
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process, a comparing means 5 for performing a com- 
parison between data, first and second flags 6 and 10, 
a random number processing data area 8 and an XOR 
circuit 9. 

On the other hand, a host device comprises a first 
authentication key 2' identical to the first authentication 
key 2, a second authentication key 3* identical to the 
second authentication key 3, an encipherment process- 
ing means 4', a comparing means 5' and a random 
number generating means 7. 

The operation of the third embodiment will now be 
described. 

First of all, the host device requires the IC card to 
output the data stored in the random number storage 
area 1. In doing so, the IC card outputs a random 
number Rl corresponding to the data stored in the ran- 
dom number storage area 1 to the host device (Step 1). 

Using the encipherment processing means 4', the 
host device enciphers the random number Rl with the 
first authentication key 2' to create enciphered data X' 
and outputs the created enciphered data X' to the IC 
card (Step 2), 

Using the encipherment processing means 4, the 
IC card enciphers the random number R1 with the first 
authentication key 2 to create enciphered data X. Next, 
the IC card compares the enciphered data X and the 
enciphered data X' output from the host device through 
the use of the comparing means 5. If they match with 
each other, then the IC card sets "1" to the first flag 6 
and the second flag 10 (Step 3). 

Next, the host device generates a random number 
R2 using the random number generating means 7 and 
outputs it to the IC card (Step 4). 

Using the encipherment processing means 4, the 
IC card generates enciphered data Y obtained by enci- 
phering the random number R2 with the second authen- 
tication key 3 and outputs the created enciphered data 

Y to the host device. Further, the IC card checks the 
second flag 10. If the second flag 10 is found to have 
been set to "1", then the IC card allows the random 
number storage area 1 to store therein data obtained by 
exclusive-ORing the data stored in the random number 
processing data area 8 and the random number 2 as a 
substitute for the random number R1 , and clears the 
second flag 10 to "0", Further, if the second flag 10 is 
found to have been set to "0", then the IC card prohibits 
a new random number from being stored in the random 
number storage area 1 (Step 5). 

Using the encipherment processing mean 4*. the 
host device enciphers the random number R2 with the 
second authentication key 3* to create enciphered data 
Y\ Next, the host device compares the enciphered data 

Y and the enciphered data Y* using the comparing 
means 5'. If they coincide with each other, then the host 
device judges that the mutual authentication has been 
completed and proceeds to the next process for trans- 
actions or the like (Step 6). 

Incidentally, the first flag 6 and the second flag 10 
are respectively cleared to "0" upon application of the 
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power to the IC card or upon its reset. In the case of a 
process needed to perform the mutual authentication 
subsequent to Step 6, the IC card confirms whether the 
first flag 6 and the second flag 10 are respectively "1" 
and "0" and judges whether the next process should be 
done. 

According to the third embodiment as described 
above, the second flag 10 is provided. When the second 
flag 10 is "0\ no new random number is stored in the 
random number storage area 1. Thus, even if a mali- 
cious third party recognizes a method of generating a 
random number to be stored in a random number stor- 
age area and monitors the previously-executed mutual 
authentication, the third party is not able to store the 
random number Rl stored in the random number stor- 
age area 1 upon the previous interauthentication in the 
random number storage area again and execute a first 
certification or authentication (corresponding to the 
authentication for judging the validity of the host device) 
in the same method as described previously. 

In the third embodiment, the second flag -10 is fur- 
ther added to the second embodiment. However, the 
second flag 10 may be provided in the first embodiment 
Namely, the IC card compares the enciphered data X 
and the enciphered data X" output from the host device 
through the used of the comparing means 5 at Step 3 in 
the first embodiment. If they match with each other, then 
the IC card sets "1" to the first flag 6 and also sets "1 " to 
the second flag 10. At Step 5, the IC card checks the 
second flag 10. If the second flag 10 is found to have 
been set to "V, then the random number R2 is stored in 
the random number storage area 1 and the second flag 
10 is cleared to M 0 H . 

It is needless to say that the idea of the third 
embodiment may be applied to the first embodiment in 
this way. 

In the !C card system, the mutual authentication is 
effected on a partial process such as a monetary proc- 
ess or the like according to purposes. There may be 
cases where most of processes are subjected to only 
card authentication (second authentication) by the host 
device. Since no random number is stored in the ran- 
dom number storage area 1 in this case, the number of 
times that the EEPROM corresponding to the random 
number storage area is renewed, can be reduced as 
compared with the first and second embodiments, 
whereby the effect of increasing the life of the IC card 
can be brought about. 

In the first through third embodiments, the enci- 
phering process is performed using the authentication 
keys. However, an encoding process for executing a 
given specific process may be performed as an alterna- 
tive to the enciphering process. If the random number 
storage area 1 is of an electrically rewritable nonvolatile 
storing means, then any one may be used. Further, the 
compar ing means 5 and 5' may be hard means such as 
a comparator or the like or may be a soft process exe- 
cuted by a microprocessor. However, the use of the 
comparator as the comparing means 5 on the IC card 



side makes it possible to simplify the IC card in struc- 
ture. Incidentally, the polarities of the first flag 6 and the 
second flag 10 are not necessarily limited to the polarity 
shown in the embodiment. 

5 In the third embodiment, whether or not the second 

flag 10 is "1" is judged by the comparing means 5 but 
may be determined by a simple gate means. 

In the embodiments according to the present inven- 
tion, the encoding has been described by using the term 

io encipherment by way of example. It is however need- 
less to say that the encipherment processing means 
may perform the encoding process other than the enci- 
phering process. 

Incidentally, the present invention is applicable to a 

is system using all sorts of portable data carriers and are 
not necessarily limited to card forms. 

While the present invention has been described 
with reference to the illustrative embodiments, this 
description is not intended to be construed in a limiting 

20 sense. Various modifications of the illustrative embodi- 
ments, as welt as other embodiments of the invention, 
will be apparent to those skilled in the art on reference 
to this description, it is therefore contemplated that the 
appended claims will cover any such modifications or 

25 embodiments as fall within the true scope of. the inven- 
tion. 

Claims 

30 1. A method of effecting mutual authentication, com- 
prising the following processes: 

a first mutual authentication and a second 
mutual authentication subsequent to the first 

35 mutual authentication each of which compris- 

ing a first authenticating process and a second 
authenticating process, the first autheticating 
process for allowing an IC apparatus to com- 
pare data obtained by encoding a random 

40 number stored in a random number storage 

area of the IC apparatus with the IC apparatus 
and data obtained by encoding the random 
number stored in the random number storage 
area with a host device, the second authenti- 

45 eating process for allowing the host device to 

compare data obtained by encoding a random 
number generated from the host device with 
the IC apparatus and data obtained by encod- 
ing the random number generated from the 

so host device with the host device, the second 

authenticating process of the first mutual 
authentication for storing the random number 
generated from the host device in the random 
number storage area, the first authenticating 

55 process of the second mutual authentication 

for using the random number generated from 
the host device upon the second authenticating 
process of the first mutual authentication. 
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A method of effecting mutual authentication, com- 
prising the following processes: 

a first mutual authentication and a second 
mutual authentication subsequent to the first 5 
mutual authentication each of which compris- 
ing a first authenticating process and a second 
authenticating process, the first autheticating 
process for allowing an IC apparatus to com- 
pare data obtained by encoding a random w 
number stored in. a random number storage 
area of the IC apparatus with the IC apparatus 
and data obtained by encoding the random 
number stored in the random number storage 
area with a host device, the second authenti- is 
eating process for allowing the host device to 
compare data obtained by encoding a random 
number generated from the host device with 
the IC apparutus and data obtained by encod- 
ing the random number generated from the 20 
host device with the host device, the second 
authenticating process of the first mutual 
authentication for storing a random number 
obtained by processing the random number 
generated from the host device in the random 25 
number storage area , the first authenticating 
process of the second mutual authentication 
for using the random number obtained by 
processing the random number generated from 
the host device upon the second authenticating 30 
process of the first mutual authentication. 

A method of effecting mutual authentication, com- 
prising the following processes: 

35 

a first mutual authentication and a second 
mutual authentication subsequent to the first 
mutual authentication each of which compris- 
ing a first authenticating process and a second 
authenticating process, the first authenticating 40 
process for allowing an IC apparatus to com- 
pare data obtained by encoding a processed 
random number obtained by processing a ran- 
dom number stored in a random number stor- 
age area of the IC apparatus with the IC 45 
apparatus and data obtained by encoding the 
processed random number with a host device, 
the second authenticating process for allowing 
the host device to compare data obtained by 
encoding a random number generated from the so 
host device with the IC apparatus and data 
obtained by encoding the random number gen- 
erated from the host device with the host 
device, the second authenticating process of 
the first mutual authentication for storing the 55 
random number generated from the host 
device in the random number storage area, the 
first authenticating process of the second 
mutual authentication for processing and using 



the random number generated from the host 
device upon the second authenticating process 
of the first mutual authentication. 

4. A method of effecting mutual authentication, com- 
prising the following processes; 

a first mutual authentication and a second 
mutual authentication subsequent to the first 
mutual authentication each of which compris- 
ing a first authenticating process and a second 
authenticating process, the first authenticating 
process for allowing an IC apparatus to com- 
pare data obtained by encoding a random 
number stored in a random number storage 
area of the IC apparatus with the IC apparatus 
and data obtained by encoding the random 
number stored in the random number storage 
area with a host device, the second authenti- 
cating process for allowing the host device to 
compare data obtained by encoding a random 
number generated from the host device with 
the IC apparatus and data obtained by encod- 
ing the random number generated from the 
host device with the host device, the second 
authenticating process of the first mutual 
authentication for storing the random number 
generated from the host device in the random 
number storage area in response to the result 
of comparison obtained upon the first authenti- 
cating process of the first mutual authentica- 
tion, the first authenticating process of the 
second mutual authentication for using the ran- 
dom number generated from the host device 
upon the second authenticating process of the 
first mutual authentication. 

5. A method of effecting a mutual authentication, com- 
prising the following processes: 

a first mutual authentication and a second 
mutual authentication subsequent to the first 
mutual authentication each of whichi compris- 
ing a first authenticating process and a second 
authenticating process, the first authenticating 
process for allowing an IC apparatus to com- 
pare data obtained by encoding a random 
number stored in a random number storage 
area of the IC apparatus with the IC apparatus 
and data obtained by encoding the random 
number stored in the random number storage 
area with a host device, the second authenti- 
cating process for allowing the host device to 
compare data obtained by encoding a random 
number generated from the host device with 
the IC apparatus and data obtained by encod- 
ing the random number generated from the 
host device with the host device, the second 
authenticating process of the first mutual 
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authentication for storing a random number 
obtained by processing the random number 
generated from the host device in the random 
number storage area in response to the result 
of comparison obtained upon a first authenti- 5 
eating process of the first mutual authentica- 
tion, the first authenticating process of the 
second mutual authentication for using said 
processed random number. 

70 

6. A method of effecting a mutual authentication, com- 
prising the following processes: 

a first mutual authentication and a second 
mutual authentication subsequent to the first 15 
mutual authentication each of which compris- 
ing a first authenticating process and a second 
authenticating process, the first authenticating 
process for allowing an IC apparatus to com- 
pare data obtained by encoding a processed 20 
random number obtained by processing a ran- 
dom number stored in a random number stor- 
age area of the IC apparatus with the IC 
apparatus and data obtained by encoding said 
processed random number with a host device. 25 
the second authenticating process for allowing 
the host device to compare data obtained by 
encoding a random number generated from the 
host device with the IC apparatus and data 
obtained by encoding the random number gen- 30 
erated from the host device with the host 
device, the second authenticating process of 
the first mutual authentication for storing the 
random number generated from the host 
device in the random number storage area in 35 
response to the result of comparison obtained 
upon a first authenticating process of the first 
mutual authentication, the first authenticating 
process of the second mutual authentication 
for processing and using the random number 40 
generated from the host device upon the seo- 
cond authenticating process of the first mutual 
authentication. 

7. A method of mutual indentification for a first device 45 
and a second device to be coupled thereto, com- 
prising performing first and second authentications, 

the first authentication comprising: encoding a 
first random number (R1) in the first device to so 
provide a first item of data (X), encoding the 
first random number (R1) in the second device 
to provide a second item of data (X'), and com- 
paring the first and second items of data (X,X*) 
the second authentication comprising: encod- 55 
ing a second random number -R2) in the sec- 
ond device to provide a third of data (V), 
encoding the second random number (R2) in 
the first device to provide a fourth item of data 



(Y), and comparing the third and fourth items of 
data (Y,Y') 

characterised by deriving the first random 
number from the second random number. 

8. A method according to claim 7 wherein the second 
random number (R2) is used as the first random 
number (R1) for performance of the first authentica- 
tion. 

9. A method according to claim 7 wherein the first ran- 
dom number (R1) for a further performance of the 
first authentication is derived from the second ran- 
dom number (R2) and further data (8) derived from 
the first device. 

10. An IC card configured to operate as said first device 
in a method according to any one of claims 7, 8 or 
9. 

1 1 . A host device configured to operate as said second 
device in a method according to any one of claims 
7, 8 or 9. 
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